
livkristin

Posted 05 September 2005 - 05:05 PM


Hi again!

That seemed to delete the problem as I could not find the file C:\Program Files\FriSurf and when I restarted I did not get the same message. However, after restarting tonight it is back... I also believe that it shows up in the Hijackthis file. The new log follows:

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Find and delete these files and folders (if they are still there):

C:\Program Files\FriSurf <= this folder

C:\Program Files\Instant Access <= this folder

C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGAUTH.inf <= this file

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

Click on scanner

Click on Complete System Scan and the scan will begin.

You will be prompted to clean the first infection.

Select "Perform action on all infections", then proceed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report.

Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Reboot your computer back into normal mode and post a new HijackThis log and the Ewido Log by using Add Reply.

livkristin

Posted 07 September 2005 - 12:16 PM


Hi again! You never seem to get rid of me...

I have Ad-Aware SE Plus and have been running that almost every day lately. In addition, I have also been running ewido and that has cleaned some infected files. However, when I ran them now in SafeMode none of them found anything suspicious. So no logs to send you.

When: Click Start > Run.

Type the following:

regsvr32 /u p2esocks_1015.dll

Click OK.

The following message appears: "LoadLibrary ("p2esocks_1015.dll" failed. The specified module could not be found."

After rebooting my computer back into normal mode the error message does not appear. However, I get this message: "Server busy - This action cannot be completed because the other program is busy. Choose 'Switch To' to activate the busy program and correct the problem." I did not click on 'Switch To' but on 'Retry'. Everything seemed fine before I again rebooted my computer and the error message with p2esocks_1015.dll was back.

When I run HijackThis the two files appear again. This is the new log:

livkristin

Posted 08 September 2005 - 04:56 AM


The problem is a true pain!

I have done what you have told me to and neither Ad-Aware nor Ewido finds anything. However, what I realize is that the first time I reboot my computer into normal mode the Ad-Watch Event Log shows that 2 registry modifications are detected. I have saved these as a log:

didom

Posted 08 September 2005 - 08:59 AM


You have ad-aware's ad-watch running on your machine and that is good. But prior to doing the fix below with hijackthis it needs to be turned off. Please do the following.

Open AdAware Se.

Go to AdWatch User Interface.

Go to Tools and Preferences.

At the bottom of the screen you can see two checkable items called Active and Automatic.

Active: This will turn Ad-Watch On\Off without closing it

Automatic: Suspicious activity will be blocked automatically

Uncheck those boxes.

Then reboot your computer.

Remember when we have completed cleaning your machine to turn them back on.

didom

Posted 08 September 2005 - 09:43 AM

Can I delete the fix.reg file on my desktop since I have merged it with the registry? By the way, what antivirus program do you recommend?

Yeah you can delete the file, and AVG is just fine!

Don't forget to re-hide all files and folders. To re-hide all files and folders:

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading deselect "Show hidden files and folders".

Check the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
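
The p2esocks_1015.dll error that kept returning at startup earlier in this thread is the usual sign of an autostart entry that still points at a file the cleanup already removed. The following read-only check is an added example, not part of the original posts: it lists Run/RunOnce values and flags any that mention the DLL or whose target file is missing. It assumes the stale reference sits in one of these four keys, which the thread itself does not show; the helper name `Get-CommandTarget` is hypothetical.

```powershell
# Added example: report autostart values that mention a given DLL or that
# point at a file no longer on disk. Nothing is modified or deleted.
$needle = 'p2esocks_1015.dll'   # name taken from the error message in the thread

# Assumption: the leftover reference is in one of these standard autostart keys.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget([string]$Command) {
    # Extract the first path from a command line: a quoted path if present,
    # otherwise everything up to the first executable-style extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        # Only judge "missing" for full paths; bare names such as
        # rundll32.exe are resolved through PATH and are skipped here.
        $isFullPath = $target -match '^[A-Za-z]:\\'
        [pscustomobject]@{
            Key           = $key
            ValueName     = $name
            Command       = $command
            MentionsDll   = $command -like "*$needle*"
            TargetMissing = $isFullPath -and -not (Test-Path -LiteralPath $target)
        }
    }
}

# Show only the entries worth a closer look before any fix is applied.
$report |
    Where-Object { $_.MentionsDll -or $_.TargetMissing } |
    Format-List Key, ValueName, Command, MentionsDll, TargetMissing
```

An entry flagged here that reappears after removal means something still running is rewriting it, which matches the registry modifications Ad-Watch reported on the first normal-mode boot.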